EP3520008A1 - Steuerung von delegierungsrechten - Google Patents
Steuerung von delegierungsrechtenInfo
- Publication number
- EP3520008A1 EP3520008A1 EP17787493.0A EP17787493A EP3520008A1 EP 3520008 A1 EP3520008 A1 EP 3520008A1 EP 17787493 A EP17787493 A EP 17787493A EP 3520008 A1 EP3520008 A1 EP 3520008A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- user
- request
- agreement
- response
- action
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
- G06Q20/38215—Use of certificates or encrypted proofs of transaction rights
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
- G06Q20/425—Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
Definitions
- the invention lies in the field of the delegation of rights of a person to a third party.
- Many systems allow a user equipped with computer equipment to control the execution of actions, for example financial transactions, by a remote entity reachable via a communication link.
- performing an action is performed after verifying the identity and rights of the user to perform this action.
- this check generally includes the entry by the user of a previously registered identifier and password.
- system-generated code transmitted to the user via another communication network.
- This code is for example transmitted in the form of an SMS ("Short Message Service") received by the mobile phone of the user.
- a first technique is for the user to transmit his identifiers to the person to whom he delegates rights of access so that the person performs the actions in his place.
- this solution can be dangerous for the user because he has no control over the actions performed.
- this person changes the password without communicating the new password to the user, the user can no longer perform the actions himself.
- Another technique is to approach the administrator of each site to request the delegation of all or part of a user's access rights to a designated person. But this technique is heavy and lacks flexibility.
- One of the aims of the invention is to remedy the shortcomings / disadvantages of the state of the art and / or to make improvements thereto.
- the invention relates to a method of controlling an action.
- the method comprises the following steps, implemented by a control device:
- the first user has delegated rights to the second user, he can through the request for agreement that he receives from the control device, transmit an agreement or a refusal to execute an action ordered by a user who has received a delegation. It thus retains complete control over all delegated actions.
- a delegation token is a set of data certifying a delegation of an action from a first user to a second user.
- the delegation token generally includes data in the clear and data encrypted with an encryption key.
- the analysis step includes a verification step for determining whether a predefined set of at least one rule for using said delegation token is respected and the sending step of a request for agreement is made if said set of rules is not respected.
- a scope of use of the delegation is determined by predefined rules.
- the set of rules notably allows the first user to limit the delegated rights.
- the interrogation and obtaining agreement from the first user allows the second user to order the execution of an action for which he has no delegation. This makes it possible to unload the first user of the realization of actions for which he had not provided for delegation.
- the authorization request and the response to the authorization request are transmitted via a first communication network and the request for agreement is transmitted via a second communication network.
- the use of a second network makes it possible in particular to reach the first user when he does not have access to the first network, for example when he is in a mobility situation.
- the request for agreement is sent in the form of an SMS ("Short Message Service").
- SMS Short Message Service
- This means of communication is simple to use and non-invasive. The first user can thus agree without having complicated manipulations to do.
- the authorization request includes a reachability identifier of the first user used to transmit said request for agreement.
- a reachability identifier of a user is an identifier for contacting this user.
- a reachability identifier is a telephone number, an email address ...
- the reachability identifier included in the authorization request allows the control server to join the first user.
- this reachability identifier by the second user during the request for action execution allows a flexibility in the choice of the terminal of the first user.
- the second user can for example use a first identifier in certain conditions and a second in other conditions. It is thus possible to provide a reachability identifier without modifying the setting of the control device.
- a reachability identifier is contained in the delegation token or recorded by the control device in a memory accessible by this control device. It is not necessary to insert it in the authorization request. It is not necessary for the second user to transmit it when requesting the execution of an action.
- At least one rule of said set is a rule associated with a context of use.
- the invention also relates to a control device comprising:
- a first communication module configured to receive, from a server, an authorization request relating to at least one action for which a first user has execution rights and for which a command has been formulated by a terminal a second user, said request containing data relating to said at least one an action and a delegation token certifying delegation of said at least one action by the first user to the second user,
- a determination module for determining, based on said first result, whether an agreement of the first user should be requested
- a second communication module configured to send to a terminal of said first user an agreement request for the execution of said at least one action, if it is determined that an agreement of the first user must be requested;
- said first communication module is configured to send said server to said response to said authorization request.
- the analysis module of the control device is configured to determine whether a predefined set of at least one rule for using said delegation token is respected.
- the control device has the same advantages mentioned above as the control method.
- the invention also relates to a computer program product comprising instructions for the implementation of a control method as described above, when this program is executed by a processor.
- the invention thus relates to a software or program, capable of being executed by a computer or a data processor, this software / program comprising instructions for controlling the execution of the steps of a control method. These instructions are intended to be stored in a memory of a computing device, loaded and then executed by a processor of this computing device.
- This software / program can use any programming language, and be in the form of source code, object code, or intermediate code between source code and object code, such as in a partially compiled form, or in any form what other form is desirable.
- the computing device can be implemented by one or more physically distinct machines and generally presents the architecture of a computer, including components of such an architecture: data memory (s), processor (s), communication bus , hardware interface (s) for connecting this computing device to a network or other equipment, user interface (s), etc.
- the invention also relates to an information carrier readable by a data processor, and comprising instructions of a program as mentioned above.
- the information carrier may be any entity or device capable of storing the program.
- FIG. 1 is a diagram illustrating a system according to a first embodiment of the invention
- FIG. 2 is a diagram representing a control server able to implement a control method according to one embodiment of the invention.
- FIG. 3 is a flowchart illustrating the various steps of a control method according to a first embodiment of the invention
- FIG. 4 is a diagram illustrating a system according to a second embodiment of the invention.
- FIG. 5 is a flowchart illustrating the different steps of a control method according to a second embodiment of the invention.
- module may correspond in this document to both a software component, a hardware component or a set of hardware and / or software components, capable of implementing a function or a set of functions, as described below for the module concerned.
- a software component corresponds to one or more computer programs, one or more subroutines of a program, or more generally to any element of a program or software.
- Such software component is stored in memory then loaded and executed by a data processor of a physical entity (terminal, server, gateway, set-topbox, router, etc.) and is likely to access the hardware resources of this physical entity (memories, recording media, communication buses, electronic input / output boards, user interfaces, etc.).
- a material component corresponds to any element of a material set (or hardware). It may be a programmable hardware component or with an integrated processor for running software, for example an integrated circuit, a smart card, an electronic card for executing a firmware, etc.
- a first embodiment of a control method will now be described with reference to Figures 1 to 3.
- a SYS system comprises a control server SC and a processing server ST able to communicate with each other via a communication network R.
- a terminal TU of a user U is able to connect to the communication network R and to communicate with one or more servers via the network R.
- a TY terminal of a user Y is able to connect to the communication network R and to communicate with one or more servers via the network R.
- the terminal TY is for example able to connect to the processing server ST, for example via a website.
- the terminals TU and TY comprise navigation software, commonly called browser, allowing access to servers using a web technology.
- the network R is the Internet network.
- the network R is an intranet network, a local network, a wireless network of Wifi or Bluetooth type ...
- the terminal TU and the terminal TY are for example computers of PC type ("Personal Computer").
- the TY terminal and / or the TU terminal is a mobile phone or a PDA ("Personal Digital Assistant"). More generally, the TY and TU terminals are terminals able to access the network R.
- the SYS system also comprises a database BD accessible by the control server SC, directly or via the communication network R.
- the control server SC represents an example of a control device within the meaning of the invention.
- control device is integrated in the control server SC.
- control device is then a module of the control server SC.
- the control server SC comprises, in a known way, notably a processing unit UT equipped with a microprocessor, a read-only memory ROM, RAM type RAM.
- the read-only memory ROM comprises registers storing a computer program PG comprising program instructions adapted to implement a control method according to an embodiment of the invention described later with reference to FIG.
- the control server SC also comprises a first communication module COM1, a generation module GEN, an analysis module ANL, a determination module DET, a request module DAC agreement, a response construction module CNR and a second communication module COM2.
- the first communication module COM1 is configured to communicate via the network
- the first COMlest communication module thus configured to communicate with the processing server ST.
- the second communication module COM2 is configured to communicate via a second network.
- the second communication module COM2 is for example configured to transmit and receive SMS (for "Short Message Service") to or from terminals, for example the mobile terminal MU of the user U.
- SMS for "Short Message Service”
- the second network is different from the network R.
- the second network is the network R.
- the processing server ST is an online sales server with which the user U has registered and thus has DR rights.
- DR rights are for example a couple login / password, an identifier, a bank account reference ...
- the generation module GEN of the control server SC generates a delegation token J.
- the generation of the delegation token J by the control server SC is triggered following the reception by the control server SC of a delegation request DD issued by the user U, for example via its terminal TU.
- the DD delegation request includes data making it possible to define the rights DR, that is to say the delegated action (s) by the user U.
- the DD delegation request includes data that makes it possible to identify a second user, for example the user Y, to which the user U wants to delegate the rights DR.
- the data making it possible to identify the user Y are typically an identifier of the user Y such as, for example, a couple name / surname, a company identifier ...
- the DD delegation request also includes a set E of at least one usage rule.
- the set E includes a rule of use RI and the rule of use RI is for example "the amount of an order made by the user Y on behalf of the user U must be less than 20 Euros Vet
- the set E defines the perimeter in which the user U authorizes the user Y to perform actions on his behalf, for example transactions.
- the DD delegation request does not include a set E. In this case, no rule is associated with the delegation.
- the delegation token J contains an identifier IdU of the user U and an identifier IdY of the user Y.
- the identifier IdU of the user U is for example the name of the user, an identifier assigned to the user, for example within a company in which he works, a social security number ...
- the delegation token J also contains the set E or an identifier of the set E.
- the set E is not contained in the token J and is registered by the control server SC in the database BD in association with the delegation token J.
- the set E is stored in an internal memory of the control server SC.
- the delegation token J also contains data M for contacting the user U.
- the data M are, for example, an MSISDN number (for 'Mobile Station International
- Subscriber Directory Number ' for example the MSISDN number of a user's MU terminal
- control server SC transmits to the second user Y, the delegation token J and ASC contact data of the control server SC.
- the ASC contact data is data for contacting the control server SC.
- the ASC contact data is typically an address of the control server SC, for example an IP ('Internet Protocol') address.
- the control server SC forwards, for example, the delegation token J and the contact data ASC via the communication network R, an SMS, an electronic mail, etc.
- the delegation token J and the ASC contact data are transmitted to the user U at the origin of the delegation request and the user U is responsible for transmitting these data to the user Y.
- the user Y establishes a communication link via the network R between the terminal TY and the processing server ST and then commands an action on behalf of the user U. More specifically, the TY terminal sends a CD command for the realization of an action Al.
- the action Al is for example the purchase of an object and the command CD contains an RF reference number of the object and a price X.
- the terminal TY also sends the processing server ST an NTU telephone number of the user U, for example the telephone number associated with the mobile terminal MU.
- the NTU telephone number is for example entered by the user Y by means of a graphical interface displayed on a screen of the terminal TY.
- the NTU telephone number represents a reachability identifier within the meaning of the invention.
- the terminal TY also sends to the processing server ST data indicating that the command CD is carried out on behalf of the user U, typically an identifier of the user U.
- the terminal TY does not indicate that the command CD is on behalf of the user U.
- the terminal TY also transmits to the processing server ST, the delegation token J and the contact data ASC of the control server SC.
- Step E4 is followed by a step E6 in which the processing server ST having received the data transmitted by the terminal TY during the step E4, transmits to the control server SC, using the contact data ASC, an RQA authorization request containing the token J and all or part of the CD command.
- the RQA request contains the token J, the RF reference number, the price X and the reachability identifier NTU.
- the authorization request RQA is received by the first communication module COM1 of the control server SC during a step E8.
- Step E8 is followed by a step E10 in which the analysis module ANL of the control server SC analyzes the request RQA and determines according to the data received in the request RQA and in particular of the token J, a first result RS1 .
- step E10 comprises two sub-steps E12 and E14.
- the analysis control's ANL module SC checks whether the delegation token J is a valid token.
- the first result RS1 is "refusal” or "invalid token” or "NOK".
- the substep E12 is followed by the substep E14, in which the analysis module ANL of the control server SC determines whether the rules of the set E are respected.
- the control server SC verifies that the price X is less than 20 Euros.
- the first result RS1 is "agreement” or "OK”.
- the first result RS1 is "refusal” or "NOK”.
- Step E10 is followed by a step E16 in which the determination module DET of the control server SC determines whether agreement of the user U must be requested.
- this agreement is requested if the set E rules is not respected, for example if the price X is greater than 20 Euros.
- agreement is requested if, on the one hand, the set E of rules is not respected and if, on the other hand, an additional rule, recorded for example in a memory of the control server SC or database BD, is respected. For example, agreement is asked if the price is higher than 20 € but less than 30 €.
- step E16 is followed by step E1, in which the DAC tuning request module of the control server SC sends to the user U via the second communication module COM2, a request for DA agreement for the execution of the action Al, using the telephone number NTU contained in the request RQA.
- the request for agreement DA is for example an SMS and contains for example the text: "user Y has requested the execution of an order of an RF reference object for an amount of 22 €. Do you agree with this order? ".
- this request for agreement DA is transmitted by another means of communication, for example a mail, a voice message ...
- Step El 8 is followed by a step E20 during which the control server SC waits for a response to the request for agreement DA during a maximum delay D predefined.
- the CNR response building module of the control server SC constructs an RPA response to the RQA authorization request (step E22).
- the RPA response signals agreement or refusal for the execution of the CD command.
- the answer RPA is determined from the response RA of the user U to the request for agreement DA.
- the response RA to the request for agreement DA is formulated by the user U and transmitted to the control server SC by the terminal MU in the form of, for example, an SMS. It is received by the control server SC via the second communication module COM2.
- the response RPA to the request for authorization RQA signals said agreement or said refusal.
- the response RPA contains the first determined result RS1 If it is determined in step E16 that a user agreement should not be requested, the answer RPA contains the first result RS1 determined in step E10.
- Step E22 is followed by a step E24 in which the first communication module COM1 of the control server SC sends, to the processing server ST, the response RPA.
- the processing server ST then continues the processing of the command CD according to the received answer RPA.
- the steps E0, E2, E8, E10, E16, E18, E20, E22 and E24 implemented by the control server SC, represent steps of a control method.
- the action Al is an online command.
- the action is a validation of a leave request from a management server.
- the user Y is authorized by the user U to validate the requested holidays when the holidays requested during the current month do not exceed fifteen days. If the holidays requested in the current month exceed fifteen days, an agreement request is sent to the user U.
- a system SY2 comprises a processing server ST, a terminal TU of a first user U and a terminal TY of a second user Y able to communicate with each other via a communication network R.
- the terminal TU and the terminal TY are able to connect to the communication network R and to communicate on the one hand with each other and on the other hand with one or more servers via the network R.
- the network R is for example the Internet network.
- the terminal TU and the terminal TY are for example computers of PC type ("Personal Computer").
- the TY terminal and / or the TU terminal is a mobile phone or a PDA ("Personal Digital Assistant").
- the APP application represents an example of a control device within the meaning of the invention.
- the processing server ST is an employee movement management server of an enterprise from which the user U has registered and thus has rights of validation of the displacements of a list of predefined employees, for example the employees of his team.
- the user U by means of an interface of the APP application installed on the terminal TU, requests that the user Y can validate the movements in France of the members of his team.
- the APP application Following receipt of this request, the APP application generates a delegation token J.
- the token J certifies that the user Y has delegation rights given by the user U for the management of the movements of the employees of the team from A.
- the application APP also stores in a memory of the terminal TU of the user U, a rule R2: "the destination of the move must be in France".
- the APP application records in association with the rule R2, an identifier of the user U, an identifier of the user Y and the token J.
- the APP application communicates the token J to the user U which retransmits it to the user Y.
- a step E52 the user Y establishes a communication link via the network R between the terminal TY and the processing server ST and commands a validation of a trip to Germany of a staff member of the team.
- User U the user Y establishes a communication link via the network R between the terminal TY and the processing server ST and commands a validation of a trip to Germany of a staff member of the team.
- the terminal TY sends a validation command CD.
- the validation of the displacement represents an action, referenced A2, within the meaning of the invention.
- the terminal TY also transmits to the processing server ST, the delegation token J and a mobile phone number NTU of the user U.
- Step E52 is followed by a step E54 in which the processing server ST having received the data transmitted by the terminal TY during the step E52, transmits to the APP application an authorization request RQA containing the token J, the NTU phone number and DP data relating to the CD command.
- control-related DP data contained in the RQA request is an IdZ of the employee Z wishing to move, for example his name, and the destination of the move.
- the authorization request RQA is received by the APP application during a step E56.
- Step E56 is followed by a step E58 in which the APP application parses the request
- the application APP finds in its memory the token J and the data recorded in association with the token J and uses this data to check the validity of the token J and to check if the rule R2 is respected
- the application APP thus determines a first result RS2 signaling a refusal because the rule R2 is not respected.
- the APP application determines that the rule R2 is not respected, an agreement of the user U must be requested.
- Step E60 is followed by a step E62 in which the APP application transmits to user U using the NTU telephone number contained in the RQA authorization request, a request for DA agreement for execution. A2 action.
- the request for agreement DA is for example an SMS and contains for example the text: "Do you agree that the user Y validates a trip to Germany of the employee Z? ".
- the step E62 is followed by a step E64 during which the APP application waits for a response to the request for agreement DA during a maximum predefined delay D.
- the APP application constructs an RPA response to the RQA authorization request (step E66)
- the RPA response signals an agreement or refusal for the execution of action A2.
- the answer RPA is determined from the response of the user U to the request for agreement DA.
- a response RA to the request for agreement DA is received by the application APP and it is determined that the response RA contains an agreement or a refusal for action A2
- the answer RPA to the request for authorization RQA is determined from the response RA and the response RPA to the authorization request RQA reports said agreement or refusal.
- the response RPA contains the first result RS2 determined during the analysis step E56.
- the RPA response contains the first RS2 result determined.
- Step E66 is followed by a step E68 in which the control server SC sends the answer RPA to the processing server ST.
- the delegation token is transmitted to a terminal of a user.
- the delegation token J is transmitted to a connected object capable of controlling the execution of an action.
- Such a connected object is for example an object installed in a refrigerator and configured to establish a shopping list based on the products stored in this refrigerator.
- An action is for example a purchase request.
- the purchase request is for example formulated by the connected object periodically or triggered when the shelves of the refrigerator are almost empty.
- the reachability identifier is transmitted by the terminal TY to the processing server ST and inserted by this processing server in the authorization request RQA.
- the reachability identifier is contained in the delegation token J or recorded by the control device in a memory accessible by this control device.
- one or more rules are defined for a context of use.
- a first rule can limit the number of actions performed by a refrigerator-type connected object to one command per week if the average outside temperature is below 25 ° C and allow a higher number of commands if the temperature outside average is above 25 ° C.
- the usage context associated with a rule may be related to the location of the second user.
- the control server comprises means for obtaining a location information of the second user.
- the authorization request comprises, for example, information on the location of the second user or the control server includes means for interrogating a device capable of providing this location information.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Telephonic Communication Services (AREA)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| FR1659437A FR3057085A1 (fr) | 2016-09-30 | 2016-09-30 | Controle de delegation de droits |
| PCT/FR2017/052638 WO2018060629A1 (fr) | 2016-09-30 | 2017-09-28 | Contrôle de délégation de droits |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| EP3520008A1 true EP3520008A1 (de) | 2019-08-07 |
| EP3520008B1 EP3520008B1 (de) | 2025-09-17 |
Family
ID=58213161
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| EP17787493.0A Active EP3520008B1 (de) | 2016-09-30 | 2017-09-28 | Stellvertreterregelung und rechte |
Country Status (4)
| Country | Link |
|---|---|
| US (1) | US11223618B2 (de) |
| EP (1) | EP3520008B1 (de) |
| FR (1) | FR3057085A1 (de) |
| WO (1) | WO2018060629A1 (de) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11416868B1 (en) * | 2019-12-27 | 2022-08-16 | United Services Automobile Association (Usaa) | Methods and systems for third-party approval of secure account fund transfer |
| CN111970306B (zh) * | 2020-08-31 | 2022-11-04 | Oppo广东移动通信有限公司 | 权限认证方法、服务器、客户端及存储介质 |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006079145A1 (en) * | 2004-10-20 | 2006-08-03 | Salt Group Pty Ltd | Authentication method |
| EP2858298A1 (de) * | 2012-05-25 | 2015-04-08 | Tendyron Corporation | Berechtigungsprüfungsverfahren und system für elektronisches signaturwerkzeug und elektronisches signaturwerkzeug |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8819784B2 (en) * | 2010-02-24 | 2014-08-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Method for managing access to protected resources and delegating authority in a computer network |
| US8826390B1 (en) * | 2012-05-09 | 2014-09-02 | Google Inc. | Sharing and access control |
| US9450958B1 (en) * | 2013-03-15 | 2016-09-20 | Microstrategy Incorporated | Permission delegation technology |
| FR3007603A1 (fr) * | 2013-06-21 | 2014-12-26 | France Telecom | Etablissement de communication entre une application web et un terminal |
-
2016
- 2016-09-30 FR FR1659437A patent/FR3057085A1/fr active Pending
-
2017
- 2017-09-28 EP EP17787493.0A patent/EP3520008B1/de active Active
- 2017-09-28 US US16/338,285 patent/US11223618B2/en active Active
- 2017-09-28 WO PCT/FR2017/052638 patent/WO2018060629A1/fr not_active Ceased
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006079145A1 (en) * | 2004-10-20 | 2006-08-03 | Salt Group Pty Ltd | Authentication method |
| EP2858298A1 (de) * | 2012-05-25 | 2015-04-08 | Tendyron Corporation | Berechtigungsprüfungsverfahren und system für elektronisches signaturwerkzeug und elektronisches signaturwerkzeug |
Non-Patent Citations (1)
| Title |
|---|
| See also references of WO2018060629A1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| FR3057085A1 (fr) | 2018-04-06 |
| US11223618B2 (en) | 2022-01-11 |
| WO2018060629A1 (fr) | 2018-04-05 |
| EP3520008B1 (de) | 2025-09-17 |
| US20200036706A1 (en) | 2020-01-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9736095B2 (en) | Accessing third-party communication service via a social networking system | |
| US8639785B2 (en) | Unsolicited cookie enabled contextual data communications platform | |
| EP3243177B1 (de) | Verfahren zur verarbeitung einer autorisierung zur implementierung eines dienstes, vorrichtungen und entsprechendes computerprogramm | |
| US8955145B2 (en) | Dynamic enforcement of privacy settings by a social networking system on information shared with an external system | |
| US8352575B2 (en) | System and method for a server-based files and tasks brokerage | |
| US8356341B2 (en) | Life cycle management of authentication rules for service provisioning | |
| US20070073889A1 (en) | Methods, systems, and computer program products for verifying an identity of a service requester using presence information | |
| US11811770B2 (en) | Systems and methods for data access notification alerts | |
| LU100580B1 (en) | Profiling proxy | |
| US20140282984A1 (en) | Service relationship and communication management | |
| US10432571B2 (en) | Automated connection of electronic messaging and social networking services method and apparatus | |
| JP2021536651A (ja) | ネットワークベースの環境におけるリバースクッキーとして使用される情報の個人用パケットの作成、管理、および配信のためのシステムおよび方法 | |
| US20180241745A1 (en) | Method and system for validating website login and online information processing | |
| EP3520008A1 (de) | Steuerung von delegierungsrechten | |
| EP3021273B1 (de) | Sicherungsverfahren einer transaktion zwischen einem mobilen endgerät und einem server eines dienst-providers über eine plattform | |
| JP6847949B2 (ja) | データシグナリングを制御するためのネットワークアーキテクチャ | |
| US11941623B2 (en) | Device manager to control data tracking on computing devices | |
| EP2084645A2 (de) | Authentifizierungssystem für dienstbereitstellung | |
| FR3031608A1 (fr) | Methode de traitement d'une autorisation de mise en œuvre d'un service, dispositifs et programme d'ordinateur correspondant | |
| CH719332A2 (fr) | Procédé, système et terminal de collecte de marques d'intérêts pour déclencher des processus automatisés. | |
| WO2018099874A1 (fr) | Procédé et système pour sécuriser des opérations sensibles réalisées dans un environnement de communication non sécurisé |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
| 17P | Request for examination filed |
Effective date: 20190314 |
|
| AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
| AX | Request for extension of the european patent |
Extension state: BA ME |
|
| DAV | Request for validation of the european patent (deleted) | ||
| DAX | Request for extension of the european patent (deleted) | ||
| RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ORANGE |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
| 17Q | First examination report despatched |
Effective date: 20210203 |
|
| RAP3 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ORANGE |
|
| REG | Reference to a national code |
Ref country code: DE Free format text: PREVIOUS MAIN CLASS: G06F0021310000 Ipc: G06F0021340000 Ref legal event code: R079 Ref document number: 602017091839 Country of ref document: DE |
|
| GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
| RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06Q 20/38 20120101ALI20250508BHEP Ipc: H04L 9/40 20220101ALI20250508BHEP Ipc: G06F 21/44 20130101ALI20250508BHEP Ipc: G06Q 20/42 20120101ALI20250508BHEP Ipc: G06F 21/34 20130101AFI20250508BHEP |
|
| INTG | Intention to grant announced |
Effective date: 20250526 |
|
| GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
| GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
| STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
| AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
| REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D Free format text: NOT ENGLISH |
|
| REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
| REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602017091839 Country of ref document: DE |
|
| REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D Free format text: LANGUAGE OF EP DOCUMENT: FRENCH |
|
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20250923 Year of fee payment: 9 |
|
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20251023 Year of fee payment: 9 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20251217 |
|
| REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20251022 Year of fee payment: 9 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20251218 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20251217 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1838919 Country of ref document: AT Kind code of ref document: T Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20260117 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20260119 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |
|
| PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20250917 |